使用 spring security 和 Angularjs 授权访问资源

Question

我在spring security中获得了访问资源的权限，如下代码所示：“用户身份验证来自数据库”

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter{
     @Autowired
     protected void globalConfig(AuthenticationManagerBuilder auth, DataSource dataSource) throws Exception {
     //auth.inMemoryAuthentication().withUser("user").password("123").roles("USER");
         auth.jdbcAuthentication()
             .dataSource(dataSource)
             .usersByUsernameQuery("select username as principal, password as credentials, etat as actived from utilisateurs where username=?")
             .authoritiesByUsernameQuery("select u.username as principal, ur.nom_role as role from utilisateurs u inner join roles ur on(u.roles_id=ur.id_role) where u.username=?")
             .rolePrefix("ROLE_");
     }

 protected void configure(HttpSecurity http) throws Exception {
          http
         .csrf().disable()
           .sessionManagement().maximumSessions(100).maxSessionsPreventsLogin(false).expiredUrl("/Login");
          http
           .authorizeRequests()
           .antMatchers("/AppJS/**","/images/**","/pdf/**","/Template/**","/Views/**","/MainApp.js").permitAll()
           .antMatchers("/Users/**").access("hasRole('ADMIN')")
           .antMatchers("/Dashbord/**").access("hasRole('ADMIN')")
           .antMatchers("/Login*").anonymous()
           .anyRequest().authenticated()
           .and()
         .formLogin().loginPage("/Login").permitAll()
           .defaultSuccessUrl("/home")
           .failureUrl("/Login?error=true")
           .and().exceptionHandling().accessDeniedPage("/Access_Denied")
           .and()
         .logout()
            .invalidateHttpSession(true)
            .clearAuthentication(true)
            .logoutUrl("/logout")
            .permitAll()
           .logoutSuccessUrl("/Login");


     }

}

随后，我为每个 URL 指定了视图：

@Configuration
public class MvcConfig  extends WebMvcConfigurerAdapter{
    @Override
    public void addViewControllers(ViewControllerRegistry registry) {
      registry.addViewController("/Login").setViewName("Login");
       registry.addViewController("/Dashbord").setViewName("home");
       registry.addViewController("/logout").setViewName("Login");
       registry.addViewController("/Users").setViewName("Views/ListUsers");
    }
}

我使用 angularJS routeProvider 来跟踪 URL：

var app = angular.module('Mainapp', ['ngRoute','file-model','ui.bootstrap','ngMessages']);
app.config(function($routeProvider) {
    $routeProvider
        .when('/Users', {
                controller:'UsersController', 
                templateUrl: 'Views/ListUsers'
        })     
      .when('/Dashbord', {
              controller: 'ResultController',
             templateUrl: 'Views/home.html'
        });  
});

我的问题是如何制作我的访问授权的链接 在 spring security 中使用 angularjs ($ 路由提供者）

谢谢你， 祝你有美好的一天，

Answer 1

您可以尝试启用html5mode，以获得此功能

AngularJS: http://localhost:8080/Users

app.config(function($routeProvider, $locationProvider) {
   $routeProvider
    .when('/Users', {
            controller:'UsersController', 
            templateUrl: 'Views/ListUsers'
    })     
  .when('/Dashbord', {
          controller: 'ResultController',
         templateUrl: 'Views/home.html'
    });  

   $locationProvider.html5Mode(true)
});

Answer 2

我不确定这是否符合您的要求，但是我之前已经使用ngPermission 做过。在此之前，您需要在路线中设置角色列表。

.state('view1', {
        templateUrl: 'view1/view1.html',
        controller: 'View1Ctrl',
        resolve: {
            authorization: ["ngPermissionService", function (ngPermissionService) {

                //you need to call webserivce at this level for get all user's permissions and return it.

                return ngPermissionService.role(["admin"])  

            }]
        }
    });

更多详情click here